CVE-2022-29854 - Vulnerability Details - OpenCVE

A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mitel	6905 6910 6920 6930 6930 Sip 6940 6940 Sip Minet Firmware

Configuration 1 [-]

AND

cpe:2.3:o:mitel:minet_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:mitel:6905:-:::::::*
	cpe:2.3:h:mitel:6910:-:::::::*
	cpe:2.3:h:mitel:6920:-:::::::*
	cpe:2.3:h:mitel:6930:-:::::::*
	cpe:2.3:h:mitel:6930_sip:-:::::::*
	cpe:2.3:h:mitel:6940:-:::::::*
	cpe:2.3:h:mitel:6940_sip:-:::::::*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html
http://seclists.org/fulldisclosure/2022/Jun/32
https://www.mitel.com/support/security-advisories
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0003
https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-05-13T13:12:13

Updated: 2024-08-03T06:33:42.959Z

Reserved: 2022-04-27T00:00:00

Link: CVE-2022-29854

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-05-13T14:15:08.547

Modified: 2024-11-21T06:59:49.750

Link: CVE-2022-29854

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-06-20T18:07:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.mitel.com/support/security-advisories"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0003"}, {"tags": ["x_refsource_MISC"], "url": "https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021"}, {"name": "20220610 Hidden Functionality (Backdoor) (CWE-912) / CVE-2022-29854, CVE-2022-29855", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2022/Jun/32"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-29854", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.mitel.com/support/security-advisories", "refsource": "MISC", "url": "https://www.mitel.com/support/security-advisories"}, {"name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0003", "refsource": "CONFIRM", "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0003"}, {"name": "https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021", "refsource": "MISC", "url": "https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021"}, {"name": "20220610 Hidden Functionality (Backdoor) (CWE-912) / CVE-2022-29854, CVE-2022-29855", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/Jun/32"}, {"name": "http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:33:42.959Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mitel.com/support/security-advisories"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0003"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021"}, {"name": "20220610 Hidden Functionality (Backdoor) (CWE-912) / CVE-2022-29854, CVE-2022-29855", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2022/Jun/32"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-29854", "datePublished": "2022-05-13T13:12:13", "dateReserved": "2022-04-27T00:00:00", "dateUpdated": "2024-08-03T06:33:42.959Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitel:minet_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "25A8C363-5006-46FD-9AA4-50A53FC1C69A", "versionEndIncluding": "1.8.0.12", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitel:6905:-:*:*:*:*:*:*:*", "matchCriteriaId": "BAD555D7-9F4C-46A1-B8DD-D60EB0BA6797", "vulnerable": false}, {"criteria": "cpe:2.3:h:mitel:6910:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD92F0F9-CC50-4C36-A7E8-751B6C98E8B4", "vulnerable": false}, {"criteria": "cpe:2.3:h:mitel:6920:-:*:*:*:*:*:*:*", "matchCriteriaId": "313C5AC0-5535-4D83-9404-D1EAA38A5FA6", "vulnerable": false}, {"criteria": "cpe:2.3:h:mitel:6930:-:*:*:*:*:*:*:*", "matchCriteriaId": "92940D17-30A8-4F1C-95F7-9D7C922C58D8", "vulnerable": false}, {"criteria": "cpe:2.3:h:mitel:6930_sip:-:*:*:*:*:*:*:*", "matchCriteriaId": "1837336E-7A1D-414C-B888-56350AF6C32A", "vulnerable": false}, {"criteria": "cpe:2.3:h:mitel:6940:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD3759B6-49DF-44A8-A49E-E2306966B966", "vulnerable": false}, {"criteria": "cpe:2.3:h:mitel:6940_sip:-:*:*:*:*:*:*:*", "matchCriteriaId": "05422EAF-9528-48CE-972C-9DF111F91570", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution."}, {"lang": "es", "value": "Una vulnerabilidad en los tel\u00e9fonos IP de la serie 6900 de Mitel (MiNet), excepto el 6970, versiones 1.8 (1.8.0.12) y anteriores, podr\u00eda permitir a un atacante no autenticado con acceso f\u00edsico al tel\u00e9fono conseguir acceso de root debido a un control de acceso insuficiente para la funcionalidad test durante el inicio del sistema. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir el acceso a informaci\u00f3n confidencial y una ejecuci\u00f3n de c\u00f3digo"}], "id": "CVE-2022-29854", "lastModified": "2024-11-21T06:59:49.750", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-13T14:15:08.547", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2022/Jun/32"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.mitel.com/support/security-advisories"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0003"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2022/Jun/32"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mitel.com/support/security-advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0003"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}]}